Former Army Soldier Pleads Guilty in Major Cybercrime Spree Targeting AT&T, Snowflake

Breached Company

Breached Company

7 min read
Former Army Soldier Pleads Guilty in Major Cybercrime Spree Targeting AT&T, Snowflake
Photo by Killian Cartignies / Unsplash

A 21-year-old former U.S. Army soldier has pleaded guilty to orchestrating a widespread cybercrime campaign that targeted major telecommunications companies and cloud service providers, marking what cybersecurity experts are calling one of the most significant wins in the fight against cybercrime.

The Teenage Hacker Who Stole 70 Million Records: The Matthew Lane Case
How a 19-year-old college student from Massachusetts orchestrated one of the largest data breaches in U.S. history https://www.justice.gov/d9/2025-05/us_v._matthew_lane_-_information.pdf The stereotype of the hoodie-wearing hacker operating from a dark basement was shattered in May 2025 when 19-year-old Matthew
Breached CompanyBreached Company

The Defendant and Charges

Cameron John Wagenius, 21, who used the nickname "kiberphant0m" online, has pleaded guilty to conspiracy to commit wire fraud, extortion in relation to computer fraud, and aggravated identity theft. Cameron Wagenius faces a maximum of 27 years in prison, with Wagenius is scheduled to be sentenced on October 6 and faces over 20 years behind bars.

The case represents a significant escalation in cybercrime prosecutions, as "He pled guilty without even a plea bargain, and the government might still file additional charges. Amazing." according to court observers.

The Growing Insider Threat: How U.S. Military and Intelligence Personnel Are Being Recruited as Spies
The numbers are staggering: the FBI opens a new China-related counterintelligence case every 10 hours, and 2025 has already seen more military espionage arrests than many entire years in recent history. What’s driving this surge in insider threats, and why are our own personnel betraying national security for surprisingly modest
Breached CompanyBreached Company

Timeline of Criminal Activity

Wagenius was an active duty soldier and stationed in South Korea and at Fort Cavazos in Texas when he conducted the hacks between April 2023 and Dec. 18, 2024. The soldier's criminal activities spanned multiple continents while he was serving his country, creating a particularly troubling case for military and cybersecurity officials.

Police detained Cameron John Wagenius, 20, on Dec. 20 near the U.S. Army's military base Fort Cavazos, formerly known as Fort Hood, in Texas, following a sealed indictment filed on December 18 in Seattle federal court.

Former U.S. Soldier Pleads Guilty to Hacking and Extortion Scheme Involving Telecommunications Companies
A former Army soldier, who was most recently stationed in Texas, pleaded guilty today to conspiring to hack into telecommunications companies’ databases, access sensitive records, and extort the telecommunications companies by threatening to release the stolen data unless ransoms were paid.
Department of Justice Logo Office Of Public Affairs

The Scope of the Attack

The cybercrime operation was extensive in both scale and ambition. He worked with two other hackers and allegedly stole thousands of sensitive call records, according to court documents. The financial motivation was substantial: Wagenius and several others sought at least $1 million in ransoms for the stolen data.

Connection to Major Data Breaches

While Authorities did not name Wagenius' alleged victims in court filings. AT&T in July confirmed cybercriminals accessed the company's Snowflake environment in April and stole customer data, the timing and methods strongly suggest connections to the broader Snowflake customer breach campaign that affected multiple major corporations.

The case is part of a larger investigation into attacks on Snowflake customers, with Connor Moucka was arrested on October 30 in Ontario, Canada at the behest of the United States, indicating an international scope to the criminal enterprise.

The IntelBroker Unmasking: Inside the $25 Million Cybercrime Empire That Shook the Dark Web
How the arrest of Kai West revealed the scope of modern cybercrime and the resilience of underground forums https://www.justice.gov/usao-sdny/media/1404616/dl?inline The cybersecurity world was shaken this week when federal prosecutors in New York unveiled criminal charges against Kai West, the 25-year-old British national
Breached CompanyBreached Company

Methods and Motivation

The investigation revealed disturbing details about Wagenius's methods and potential motivations. Federal prosecutors accuse Cameron Wagenius of searching how to defect to Russia before he tried to sell stolen data to a foreign intelligence service. This revelation adds a national security dimension to what initially appeared to be financially motivated cybercrime.

Prosecutors said that in addition ... of the stolen phone records unless he was paid, demonstrating the extortion tactics employed by the criminal group.

Multiple Plea Agreements

Wagenius's legal troubles unfolded in stages. Cameron Wagenius had already pleaded guilty to other charges earlier this year, before entering additional guilty pleas for the more serious charges. Cameron John Wagenius, the accused, informed a federal court in Seattle of his plea on Wednesday following his arrest in January 2025.

The charges specifically involved Wagenius previously pleaded guilty to "unlawfully posting and transferring confidential phone records information, including those allegedly pertaining to high-ranking public officials." This detail suggests the breach may have affected government officials or other high-profile individuals.

Law Enforcement Response

The investigation benefited from private sector cooperation. The DOJ thanked private companies Flashpoint and Unit 221B for their assistance with the investigation. This public-private partnership approach has become increasingly important in complex cybercrime cases.

A researcher that helped with the investigation called this 'one of the most significant wins in the fight against cybercrime.' The successful prosecution demonstrates the increasing sophistication of law enforcement's approach to cybercrime investigations.

Global Cybercrime Crackdown: Major Law Enforcement Operations of 2024-2025
As digital crime continues to evolve in sophistication and scale, international law enforcement agencies have responded with increasingly coordinated global operations. These efforts have resulted in significant arrests, infrastructure takedowns, and the disruption of major cybercriminal networks. The period of 2024-2025 has seen some of the most impactful cybercrime operations
Breached CompanyBreached Company

Broader Implications

The case highlights several concerning trends in modern cybercrime:

Insider Threats: The involvement of an active-duty military member raises questions about background checks and monitoring of personnel with sensitive access.

International Scope: The connection to potential foreign intelligence services transforms a criminal case into a national security concern.

Cloud Service Vulnerabilities: The targeting of Snowflake customers demonstrates how attacks on cloud service providers can have cascading effects across multiple organizations.

Extortion Evolution: The systematic approach to extortion, demanding specific ransom amounts and threatening data release, shows the professionalization of cybercrime operations.

Major Breakthrough: Four Arrested in £440M Cyber Attacks on UK Retail Giants
NCA Makes Significant Progress in Investigation into Attacks on M&S, Co-op, and Harrods Bottom Line Up Front: Four young people, including a 17-year-old and three individuals aged 19-20, have been arrested by the UK’s National Crime Agency in connection with devastating cyber attacks that cost major retailers up to
Breached CompanyBreached Company

This guilty plea involves two counts of "unlawful transfer of confidential phone records information," with each count carrying a maximum penalty of a $250,000 fine and up to 10 years in prison. The case sets important precedents for prosecuting military personnel involved in cybercrime and for addressing crimes that span both financial and national security domains.

The fact that Wagenius pleaded guilty without a plea agreement suggests either overwhelming evidence or cooperation in ongoing investigations. Many of the court documents for that case have been sealed and restricted from the public, indicating the sensitive nature of the investigation.

Spanish Cyberterrorism: 19-Year-Old Student Arrested for Massive Political Data Leak Targeting Prime Minister Pedro Sánchez
How a computer science student from Gran Canaria orchestrated one of Spain’s most significant political data breaches from his parents’ home, exposing thousands of high-profile figures in what authorities are calling an act of cyberterrorism Breaking News: Unprecedented Political Data Leak Rocks Spain In a dramatic turn of events that
Breached CompanyBreached Company

Conclusion

The Cameron Wagenius case represents a watershed moment in cybercrime prosecution, combining elements of insider threats, international espionage, and large-scale data theft. With sentencing scheduled for October 6, the case will likely influence future prosecutions of similar crimes and may prompt reviews of security protocols for military personnel with technical access.

The successful investigation and prosecution demonstrate that even sophisticated cybercriminals operating across international boundaries can be brought to justice through coordinated law enforcement efforts and private sector cooperation. As cyber threats continue to evolve, this case provides a blueprint for addressing complex, multi-jurisdictional cybercrime operations.

Read more